# See: https://stackoverflow.com/questions/15910064/how-to-compile-a-linux-kernel-module-using-std-gnu99
# Name of the module: the build produces $(TARGET_MODULE).ko, and the same name
# is reused for the /dev node handled by the `create` and `delete` goals.
TARGET_MODULE := one
# Permit a user-defined kernel version with the KVER variable (#6).
# Defaults to the running kernel. NOTE(review): `?=` keeps this variable
# recursive, so `uname -r` is re-run every time KVER is expanded.
KVER ?= $(shell uname -r)
# Kernel build tree used to compile and install the module. The `key` goal also
# copies the signing key pair into its certs/ directory, giving a path
# like /lib/modules/5.15.0-57-generic/build/certs/signing_key.x509
BUILDSYSTEM_DIR ?= /lib/modules/$(KVER)/build
# Directory from which the `uninstall` goal removes $(TARGET_MODULE).ko.
EXTRA_DIR ?= /lib/modules/$(KVER)/extra
# Directory make was started in; passed to the kernel build system as M=.
PWD := $(shell pwd)
# Read by the kernel build system: the object to build as a module and the
# extra compiler flags applied to it.
obj-m := $(TARGET_MODULE).o
ccflags-y := -std=gnu99 -Wno-declaration-after-statement
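# title: print its argument in green on a line of its own.
# Usage inside a recipe: @$(call title, "Some text")
# printf replaces `echo -ne` / `echo -e` because echo's option and backslash
# escape handling differs between /bin/sh implementations, while printf's
# octal escapes are portable.
define title
@printf '\033[32m%s\033[0m\n' $1
endef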
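# Default goal: only compile the module.
# The complete check/build/sign/install/load/test sequence is available as
# `make full` (kept, as far as the original note indicates, for backward
# compatibility -- see #9, where the Arch package already uses this Makefile).
#
# None of the goals in this file produces a file of the same name, so they are
# declared phony: a stray file called e.g. `test` or `install` in this
# directory must not make a goal look up to date.
.PHONY: all full clean key check build unbuild sign install uninstall \
        load unload local_load local_unload create delete test

all: build

# The steps below must run left to right. make only guarantees that order
# without -j, so do not run `make -j full`.
full: \
    check \
    build \
    sign \
    install \
    load \
    test

# Same ordering caveat as `full`: do not run `make -j clean`.
clean: \
    unbuild \
    uninstall \
    delete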
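# key: create a self-signed Machine Owner Key (MOK) pair, install it as the
# module signing key of the kernel build tree and queue the certificate for
# enrolment with mokutil. Needs write access to $(BUILDSYSTEM_DIR)/certs and
# to the MOK list (normally root).
#
# SECURITY NOTE(review):
# - MOK.priv is written unencrypted (-nodes) and the certificate is valid for
#   36500 days. Once the certificate is enrolled, whoever can read MOK.priv
#   can sign kernel modules that a Secure Boot system trusting this MOK will
#   accept. The key is therefore created and installed owner-readable only;
#   keep it out of version control and backups, and withdraw the certificate
#   with `mokutil --delete MOK.der` when it is no longer needed.
# - A second copy of the private key is placed in $(BUILDSYSTEM_DIR)/certs.
#
# Changes against the previous recipe: restrictive permissions on the private
# key, a one-time backup of any signing key already present in the build tree
# (the former TODO), printf instead of echo for the coloured messages, and the
# boot menu entry is named "Enroll MOK" in the final hint.
key:
	@$(call title, "Creating keys")
	umask 077 && openssl req -new -x509 -newkey rsa:2048 -days 36500 -keyout MOK.priv -outform DER -out MOK.der -nodes -subj "/CN=TinmarinoUnsafe/"
	chmod 600 MOK.priv
	for f in signing_key.x509 signing_key.pem; do \
		if [ -e "$(BUILDSYSTEM_DIR)/certs/$$f" ] && [ ! -e "$(BUILDSYSTEM_DIR)/certs/$$f.bck" ]; then \
			cp -p "$(BUILDSYSTEM_DIR)/certs/$$f" "$(BUILDSYSTEM_DIR)/certs/$$f.bck"; \
		fi; \
	done
	install -m 0644 MOK.der $(BUILDSYSTEM_DIR)/certs/signing_key.x509
	install -m 0600 MOK.priv $(BUILDSYSTEM_DIR)/certs/signing_key.pem
	@printf '\033[31;1m%s\033[0m\n' 'Please enter a password you will be asked for on reboot:'
	mokutil --import MOK.der
	@printf '\033[31;1m%s\033[0m\n' 'Now you must: 1/ reboot, 2/ Select Enroll MOK, 3/ Enter password you previously gave'
	@echo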
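# check: stop early with a hint when the MOK key pair created by `make key`
# is missing from the current directory.
# The message is emitted with printf so that the colour escapes are rendered
# the same way by every /bin/sh (bare `echo '\e[..'` is not portable).
check:
	@$(call title, "Checking")
	@if [ ! -f MOK.der ] || [ ! -f MOK.priv ]; then \
		printf '\033[31m%s\n%s\n%s\n\033[0m\n' \
			'Error: you must create keys before' \
			'Tip: Run: make key' \
			'Tip: Read README.md file'; \
		exit 1; \
	fi
	@echo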
# build: hand this directory (M=) to the kernel build system found in
# $(BUILDSYSTEM_DIR) so that it compiles the module.
build:
	@$(call title, "Compiling")
	$(MAKE) --directory=$(BUILDSYSTEM_DIR) M=$(PWD) modules
	@printf '\n'
# unbuild: let the kernel build system remove what it generated for this
# directory (M=).
unbuild:
	@$(call title, "Removing local binary")
	$(MAKE) --directory=$(BUILDSYSTEM_DIR) M=$(PWD) clean
	@printf '\n'
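# sign: sign $(TARGET_MODULE).ko in place with the MOK pair from `make key`,
# keeping the unsigned build as $(TARGET_MODULE).ko.bck.
#
# sign-file is taken from $(BUILDSYSTEM_DIR) so that it follows KVER and
# BUILDSYSTEM_DIR like every other goal; the previous hard-coded
# /usr/src/linux-headers-<running kernel> path ignored both and only exists
# on distributions that use that layout.
#
# NOTE(review): MOK.priv is read unencrypted from the current directory, so
# this goal has to run as a user allowed to read the private key.
sign:
	@$(call title, "Signing with the generated self-signed keys")
	cp $(TARGET_MODULE).ko $(TARGET_MODULE).ko.bck
	$(BUILDSYSTEM_DIR)/scripts/sign-file sha256 MOK.priv MOK.der $(TARGET_MODULE).ko
	@echo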
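# install: install the module through the kernel build system, then refresh
# the module dependency index (normally requires root).
# depmod is given $(KVER) explicitly: without an argument it indexes the
# running kernel, which is the wrong tree when KVER was overridden.
install:
	@$(call title, "Installing system wide")
	$(MAKE) -C $(BUILDSYSTEM_DIR) M=$(PWD) modules_install
	depmod $(KVER)
	@echo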
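# uninstall: remove the installed module from $(EXTRA_DIR).
# `rm -f` keeps this goal, and therefore `make clean`, from failing when the
# module was never installed. The module index is left as it is (no depmod
# run here).
uninstall:
	@$(call title, "Removing system binary")
	rm -f $(EXTRA_DIR)/$(TARGET_MODULE).ko
	@echo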
# load: load the installed module by name with modprobe (normally requires
# root).
load:
	@$(call title, "Loading")
	modprobe $(TARGET_MODULE)
	@printf '\n'
# unload: remove the module from the running kernel with modprobe (normally
# requires root).
unload:
	@$(call title, "Unloading")
	modprobe --remove $(TARGET_MODULE)
	@printf '\n'
# local_load: insert the module file from the current directory, bypassing the
# installed copy. This loads whatever ./$(TARGET_MODULE).ko currently is,
# signed or not.
local_load:
	insmod ./$(TARGET_MODULE).ko
# local_unload: counterpart of local_load; removes the module, identified by
# the module file in the current directory.
local_unload:
	rmmod ./$(TARGET_MODULE).ko
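# create: create the character device node /dev/$(TARGET_MODULE) by hand.
# Not required since (#8 from Dreirund) as load is doing it.
#
# The major number is looked up when the recipe runs, in the character section
# of /proc/devices only, and by exact name. The previous lookup had three
# problems: the `$` meant to anchor the grep pattern was consumed by make
# (it has to be written `$$`), so any line containing the name matched;
# `cut -d ' ' -f1` returns an empty field for majors that /proc/devices pads
# with leading blanks; and a missing entry was passed to mknod silently.
create:
	@$(call title, "Creating node device /dev/$(TARGET_MODULE)")
	major=$$(awk '/^Block devices:/ { exit } $$2 == "$(TARGET_MODULE)" { print $$1; exit }' /proc/devices); \
	if [ -z "$$major" ]; then \
		echo 'Error: $(TARGET_MODULE) is not listed in /proc/devices (is the module loaded?)' >&2; \
		exit 1; \
	fi; \
	mknod /dev/$(TARGET_MODULE) c "$$major" 0
	@echo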
# delete: unload the module if lsmod lists it, then remove the device node
# /dev/$(TARGET_MODULE) if it exists. Both steps are skipped without error
# when there is nothing to do.
delete:
	@$(call title, "Deleting node device /dev/$(TARGET_MODULE)")
	! lsmod | grep -q '^$(TARGET_MODULE)\b' || modprobe -r $(TARGET_MODULE)
	[ ! -e /dev/$(TARGET_MODULE) ] || rm /dev/$(TARGET_MODULE)
	@printf '\n'
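# test: read the first 10 bytes of /dev/$(TARGET_MODULE) and succeed only if
# every one of them is 0xff.
#
# The device is read by the shell when the recipe runs (`$$(...)`) rather than
# through make's $(shell ...), the node name follows $(TARGET_MODULE) instead
# of a hard-coded /dev/one, and the result is printed with printf so that the
# colour escapes do not depend on the /bin/sh flavour of echo.
test:
	@$(call title, "Testing")
	@if [ "$$(xxd -p -l 10 /dev/$(TARGET_MODULE))" = "ffffffffffffffffffff" ]; then \
		printf '\033[32m%s\033[0m\n' 'SUCCESS'; \
	else \
		printf '\033[31m%s\033[0m\n' 'FAILED'; \
		exit 1; \
	fi
	@echo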